© Ozphoto, Fotolia.com
Hiding a malicious file from virus scanners
Pen Tests
A penetration tester simulates an attack on a customer's network by trying to find a way inside. Many such attacks begin with the use of a scanning tool, such as Nexpose, Nessus, or Nmap, to look for network vulnerabilities; however, several of the leading intrusion detection and protection systems are capable of alerting the network owner when a scan is in process. Rather than scanning for an open port, a devious alternative is to email a payload to the victim that will allow the attacker to establish a foothold on the victim's network. The Metasploit framework includes several binary payloads you can use to open an attack by email – if you can slip past the virus scanners.
Metasploit Antivirus Bypass
A skilled intruder who delivers a payload to your network in the form of an email message will want to make sure the payload can evade detection by antivirus software. Most antivirus software vendors use a signature base to identify malicious code. To avoid antivirus detection, an intruder must devise a payload that will not match the available antivirus signatures.
The Metasploit [1] penetration testing framework provides a collection of tools you can use to test a network by attacking it the way an intruder would attack it. Metasploit's msfpayload option lets you create a standalone binary to serve as a malicious payload, and the msfencode option encodes the binary to confuse the antivirus scanners. Msfpayload allows you to generate shell code, executables and more. To see a list of options, use msfpayload -h at the command line, and to see a list of available shell code that you can customize for your specific attack, use msfpayload -l. To see a list of options for msfencode, use msfencode -h at the command line. To view which encoders are available, run the
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
How to Hide a Malicious File
The best way to stop an attack is to think like an attacker. We’ll show you how to use the Metasploit framework to create a malicious payload that escapes antivirus detection.
-
Slipping your pen test past antivirus protection with Veil-Evasion
The Veil pen-testing platform provides some powerful tools that will hide your attack from antivirus scanners – and Veil even supports Metasploit payloads. -
Hunt down vulnerabilities with the Metasploit pen-testing tool
The veteran Metasploit is by no means obsolete and is still used as a typical workflow to find and analyze security vulnerabilities in Windows 10 and Linux systems. -
Penetration testing and shell tossing with Metasploit
The powerful Metasploit framework helps you see your network as an intruder would see it. You might discover it is all too easy to get past your own defenses. - DeepLocker: An AI Powered Malware